From 7af3568bd95fa21e9c43ee412912960734334c3f Mon Sep 17 00:00:00 2001
From: heitbaum
Date: Wed, 10 Nov 2021 18:48:18 +1100
Subject: [PATCH] samba: update to 4.13.14

update 4.13.13 (2021-10-29) to 4.13.14 (2021-11-09)

release notes:
https://www.samba.org/samba/history/samba-4.13.14.html

===============================
Release Notes for Samba 4.13.14
November 9, 2021
===============================

This is a security release in order to address the following defects:

o CVE-2016-2124: SMB1 client connections can be downgraded to plaintext
  authentication.
  https://www.samba.org/samba/security/CVE-2016-2124.html

o CVE-2020-25717: A user on the domain can become root on domain members.
  https://www.samba.org/samba/security/CVE-2020-25717.html
  (PLEASE READ! There are important behaviour changes described)

o CVE-2020-25718: Samba AD DC did not correctly sandbox Kerberos tickets
  issued by an RODC.
  https://www.samba.org/samba/security/CVE-2020-25718.html

o CVE-2020-25719: Samba AD DC did not always rely on the SID and PAC in
  Kerberos tickets.
  https://www.samba.org/samba/security/CVE-2020-25719.html

o CVE-2020-25721: Kerberos acceptors need easy access to stable AD
  identifiers (eg objectSid).
  https://www.samba.org/samba/security/CVE-2020-25721.html

o CVE-2020-25722: Samba AD DC did not do sufficient access and conformance
  checking of data stored.
  https://www.samba.org/samba/security/CVE-2020-25722.html

o CVE-2021-3738: Use after free in Samba AD DC RPC server.
  https://www.samba.org/samba/security/CVE-2021-3738.html

o CVE-2021-23192: Subsequent DCE/RPC fragment injection vulnerability.
  https://www.samba.org/samba/security/CVE-2021-23192.html

Changes since 4.13.13
---------------------

o Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
  * CVE-2020-25722

o Andrew Bartlett <abartlet@samba.org>
  * CVE-2020-25718
  * CVE-2020-25719
  * CVE-2020-25721
  * CVE-2020-25722

o Ralph Boehme <slow@samba.org>
  * CVE-2020-25717

o Alexander Bokovoy <ab@samba.org>
  * CVE-2020-25717

o Samuel Cabrero <scabrero@samba.org>
  * CVE-2020-25717

o Nadezhda Ivanova <nivanova@symas.com>
  * CVE-2020-25722

o Stefan Metzmacher <metze@samba.org>
  * CVE-2016-2124
  * CVE-2020-25717
  * CVE-2020-25719
  * CVE-2020-25722
  * CVE-2021-23192
  * CVE-2021-3738
  * ldb: version 2.2.3

o Andreas Schneider <asn@samba.org>
  * CVE-2020-25719

o Joseph Sutton <josephsutton@catalyst.net.nz>
  * CVE-2020-17049
  * CVE-2020-25718
  * CVE-2020-25719
  * CVE-2020-25721
  * CVE-2020-25722
  * MS CVE-2020-17049

--- packages/network/samba/package.mk | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/network/samba/package.mk b/packages/network/samba/package.mk index 9b89243b5b..cf055e0093 100644 --- a/packages/network/samba/package.mk +++ b/packages/network/samba/package.mk @@ -3,8 +3,8 @@ # Copyright (C) 2017-present Team LibreELEC (https://libreelec.tv) PKG_NAME="samba" -PKG_VERSION="4.13.13" -PKG_SHA256="2a6d9ddad5c06b3c5b593f8981a2ff3a201095c912d9ae68e7d4fe7cb5aa5f3f" +PKG_VERSION="4.13.14" +PKG_SHA256="6611a8e8fa93ea0cb3ee2cadd6269305ded40acf7f8b6a7576547e5d13f07f80" PKG_LICENSE="GPLv3+" PKG_SITE="https://www.samba.org" PKG_URL="https://download.samba.org/pub/samba/stable/${PKG_NAME}-${PKG_VERSION}.tar.gz"
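
Review bot: the new PKG_SHA256 on the `+PKG_SHA256=` line has no stated provenance, and since it is the only integrity check on the tarball fetched from PKG_URL, the commit message should say how it was obtained (for example, computed from a download whose upstream release signature was verified, if one is published) so a reviewer can reproduce it independently. Separately, the quoted release notes flag CVE-2020-25717 with "PLEASE READ! There are important behaviour changes described", but the patch changes only the version and hash in package.mk; please confirm in the commit message whether the packaged Samba configuration was checked against those behaviour changes, or state that no configuration change is needed.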